Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with 'Security Guard 2012' (vs previous version(s) which do not denote year)


  • This topic is locked This topic is locked
3 replies to this topic

#1 the_waDsworth

the_waDsworth

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 04 October 2011 - 01:25 PM

I am dealing with a bug called Security Guard 2012. I have a Vista 32 bit system with 2gb ram and i dont know what chip or mhz its at. (i know this is irrelevant mostly, but i want to add as detail as possible)

Went through all the steps found here: (http://www.bleepingcomputer.com/virus-removal/remove-security-guard)
but it seems as though there is a rootkit with this '2012' version

All 6 versions of 'RKILL' do not stop any processes.

I have followed the directions on the preparations page but have been mostly unsuccessful. (http://www.bleepingcomputer.com/forums/topic34773.html)

I have attempted to run DDS logs but when i click the file DDS.SCR it does nothing.

and i cannot get the GMER file to uncompress/unzip itself to get what is inside.

I am fairly knowledgeable when it comes to computers, the steps needed with the link i posted above for the previous (non 2012) version of this bug were nearly what I knew to do on my own.

I will keep trying to get GMER and DDS logs, but it does not appear as though i can get them readily. would being in safe mode potentially help?



THANKS IN ADVANCE!!!!

Edited by the_waDsworth, 04 October 2011 - 01:27 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 09 October 2011 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and wait for my next instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 14 October 2011 - 09:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:39 AM

Posted 19 October 2011 - 01:22 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users